
Bug 536270 (CVE-2014-8583)

Summary: <www-apache/mod_wsgi-4.3.0: Privilege escalation vulnerability (CVE-2014-8583)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: djc
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B1 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 533312
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 00:41:57 UTC
CVE-2014-8583 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8583):
  mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does
  not properly handle when group privileges cannot be dropped, which might
  allow attackers to gain privileges via unspecified vectors.


Maintainers, please call for stabilization on the version you would prefer to be the candidate.

Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2015-01-11 08:24:21 UTC
Bug 533312 was already open, so let's do 4.3.0?

Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-12-30 01:25:57 UTC
This issue was resolved and addressed in
 GLSA 201612-49 at https://security.gentoo.org/glsa/201612-49
by GLSA coordinator Thomas Deutschmann (whissi).